Blog Archives

Word has spread through Facebook that the popular Fan Check application may actually be a virus. Many Facebook users who have downloaded the application have made complaints that their accounts were being hacked and sending unintentional messages to their contacts.

The application, which became available only recently, monitors the friends that comment on your wall or photos the most, and ranks them from highest to lowest. Shortly after it became available on the social networking site, groups already began forming asking for Facebook to ban the new application and warning fellow users not to download it.

Dozens of people experience computers hacks everyday spanning from stolen Facebook login credentials that result in embarrassing status updates, to something more serious like bank or identity theft. Stealing these passwords used to be reserved for computer savvy hackers or psycho ex girlfriends, but apparently now all you need is a $100 cash to hack an e-mail account. A website called YourHackerz.com claims that, with the exception of .gov and .edu, they can get the password and effectively hack into any e-mail account. And if you use the same password for multiple accounts, you could be in serious trouble.

Although hacking into someone’s e-mail is considered a federal offense, it is treated like a misdemeanor as long as no other laws are broken. Orin Kerr, a George Washington University law professor and former computer crimes attorney, stated “The Feds don’t usually have the resources to investigate and prosecute misdemeanors. And part of the reason is that normally it’s hard to know when an account has been compromised, because e-mail snooping doesn’t leave a trace.”

However, there are some simple steps that every person can take to help make sure that they are not so easily defeated. Simple things such as keeping passwords secret and consistently changing passwords can greatly decrease the probability of getting hacked. Also, one should refrain from using the same password for more than one account. Using a combination of numbers and letters can also increase password strength, making it harder to figure out and crack. Simple preventative measures is all it takes to help keep yourself a little safer in today’s technological world.

With the recent release of Mac’s Snow Leopard and the upcoming Windows 7, it’s only natural that hackers gave their viruses an upgrade as well. According to security company RSA, the Zeus trojan virus now employs the use of instant messaging. After the Zeus trojan has gotten a hold of someone’s account, a hacker will automatically receive an instant message notifying him that that his hack was successful.

Once installed on a PC, the Zeus virus sends the hacker the user’s log-in information and passwords. Then a module, that can be applied to the virus, can search for information specifically concerning financial institutions. A security company called Damballa estimates that the number of PCs that have been infected with the virus are currently at around 3.6 million, making the Zeus Trojan one of the most aggressive invasive malware viruses around.

In the never-ending war against shadowy Internet criminals, gangs based in Eastern Europe that electronically break into business computers, steal banking passwords, and transfer the money are a particularly dangerous and mysterious group. With their methods, they are hard enough to defeat as is, but they are also being accidentally aided in their actions through an unlikely source.

A lawsuit was filed on Wednesday in the United States District Court for the Eastern District of Virginia against this group of hackers by Unspam Technologies, an organization that gathers volunteers to discover information about spammers and other online rogues. In a refreshing bit of honesty, the lawyer for Unspam, Jon L. Praed, admits it is very unlikely the company will ever discover the name of these hackers. He claims instead that the purpose of the suit is to obtain the details of the thefts, the names of victims and other information from the compromised computers in an attempt to increase security. The banks that have been affected by hackers are usually very reclusive in cases like these, therefore inadvertently aiding the hackers. By forcing the banks to give up information, Praed believes that security can be improved and the hackers can possibly be discovered.

Mr. Praed, who is head of the Internet Law Group in Arlington Virginia, has successfully used these “John Doe” suits (so called because the unnamed defendant is identified only as John Doe), to get information from third parties that can be passed to law enforcement and then used on civil suits to go after the main party. Back in 2007, Praed helped Unspam file a suit for the purpose of gathering info on illegal Internet pharmacies and their supporters, though its results are unknown.

“This lawsuit is intended to provide all those being victimized by this massive criminal enterprise the opportunity to come together to gather the data we need to fix the problem at a systems level,” Mr. Praed said.

While it seems that Praed believes he is fighting the good fight, banks may fight back against his subpoenas, even if they’re getting hurt by these hackers.

Banks do not want to get involved in these lawsuits and cases for a number of reasons. They argue that it’s a poor idea to publicize the techniques used by criminals in fraud cases or those meant to thwart them. Wit more information out in the open, it may only lead to more fraud attempts. Banks also want to keep these cases quiet to preserve the confidence and confidentiality of their customers.

“Banks are not the perpetrators of these crimes, and banks are spending tens or hundreds of millions of dollars of industry dollars trying to prevent those acts from taking place,” said Scott H. Frewing, a partner at the Baker & McKenzie law firm, which represents major banks. “The use of John Doe lawsuits to draw them into a civil litigation fight just raises the cost on the banks in a way that the courts may not sanction.”

Mr. Praed said that he hoped his John Doe lawsuit would encourage banks to improve their electronic defenses. “Unless we want to go back to putting our money in a mattress, more needs to be done.”

The U.S. Department of Justice announced on Monday that Albert Gonzalez along with two others were being indicted for five new corporate data breaches, aside from his most famous escapade: the infamous TJ Maxx breech that affected 94 million accounts. Gonzalez, indicted in 2008, is the supposed ring leader of a cybercrime enterprise that was able to steal around 170 credit and debit card numbers from companies such as Heartland Payment Systems, Hannaford Brothers Co., and even 7-Eleven. Gonzalez and his cohorts targeted Fortune 500 companies by finding physical and virtual weaknesses within the organizations to exploit.

Investigators were left asking, how did he do it? Gonzalez’ approach was simple. He would first identify point of sale machines and upload information to create a hacking platform. He would then launch a SQL-injection attack on the system using instant messages to relay his discoveries to his partners in crime. Using malware and sniffers they were able to absorb the credit card numbers with relative ease. They avoided detection by using intermediary, or “proxy,” computers and testing their malware against twenty of the leading anti-virus products. While none of these tactics solicit technological genius, it was more than enough to exploit the weak defenses these powerful companies had.

The next time you go to get money out of the ATM machine, think again because you might be giving away your identity.

An attendee of the Defcon conference on cybersecurity, found a breach of security in the very hotel- The Riviera Hotel- the conference was being given: a fake ATM machine. A computer that was hidden inside the ATM was designed to scan debit cards when they are swiped through the machine, said officials who came to retrieve the suspicious machine.

Two researchers working at security firm Inverse Path, recently came out with a paper that reveals a disturbing discovery about many common keyboards. It turns out that the poor shielding used on many keyboard’s PS/2 cables can allow hackers to snoop on what you’ve been typing. When a key is pressed, the data leaks onto the earth wire that connects to the PC’s power unit, which in turns connects to the plug in the power socket. From there, the data potentially leaks out onto the power circuit that is supplying electricity in a room.

“The PS/2 signal square wave is preserved with good quality… and can be decoded back to the original keystroke information,” wrote the pair in a paper describing their work.

The folks over at Inverse Path have even been able to demonstrate this working over distances up to 15 meters.

Microsoft Corp. may be on the top of the computer business, but it is certainly not perfect, as the company learned Monday July 6th when they had to reveal the details of a computer security threat the company has not taken the steps to fix.

The threat revealed Monday by Microsoft affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software. This vulnerability allows hackers to remotely take control of any victims machine, after the victim has visited an infected site. Criminals have been exploiting this vulnerability for almost a week, with thousands of sites having been hacked during this time. People travel to these sites by clicking links found in spam e-mails. The threat affects the section of the Microsoft software that is used to play video, and the flaw arises from how the software and Internet Explorer come together with one another. The error in their interaction allows for a hole which hackers can tunnel into.

Microsoft is telling its users to disable the flawed part of its software to protect their computer. Instructions to do this can be found on Microsoft’s website. Meanwhile, the company will work on a “patch”, or software fix, for the problem.